ISO/IEC 38500 IT Governance

ISO/IEC 38500 provides principles, definitions, and a model to help the governing bodies understand the importance of Information Technology (IT).This standard is intended to help all types of organizations in evaluating, directing and monitoring the use of Information Technology (IT), regardless of the degree of IT usage. It consists of management practices and decisions associated with the current and future use of IT. The purpose of this standard is to promote an effective, efficient and acceptable use of IT in all organizations by informing and guiding governing bodies in governing the IT use and establishing an IT governance vocabulary.

Benefits of ISO 38500

ISO/IEC 38500 applies to the governance of management processes and decisions relating to an organisation’s information and communication services.

It defines six principles:

  • Establish responsibilities
  • Plan to best support the organisation
  • Make acquisitions for valid reasons
  • Ensure necessary levels of performance
  • Ensure conformance with rules
  • Ensure respect for human factors